apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPVM: use X509ExtendedTrustManager (#5419)

Browse Source
This commit is contained in:
Wei Zhou 2021-09-22 20:46:57 +02:00 committed by GitHub
parent 7d5393d577
commit 50a0e80de6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
View File

@ -25,13 +25,14 @@ import org.java_websocket.handshake.ServerHandshake;
import org.java_websocket.protocols.Protocol; import org.java_websocket.protocols.Protocol;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509ExtendedTrustManager;
import java.io.IOException; import java.io.IOException;
import java.net.Socket;
import java.net.URI; import java.net.URI;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
@ -54,15 +55,28 @@ public class WebSocketReverseProxy extends WebSocketClient {
private Session remoteSession; private Session remoteSession;
private void acceptAllCerts() { private void acceptAllCerts() {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { TrustManager[] trustAllCerts = new TrustManager[]{new X509ExtendedTrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() { @Override
return new java.security.cert.X509Certificate[]{}; public void checkClientTrusted (X509Certificate [] chain, String authType, Socket socket) {
} }
public void checkClientTrusted(X509Certificate[] chain, @Override
String authType) throws CertificateException { public void checkServerTrusted (X509Certificate [] chain, String authType, Socket socket) {
} }
public void checkServerTrusted(X509Certificate[] chain, @Override
String authType) throws CertificateException { public void checkClientTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
}
@Override
public void checkServerTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
}
@Override
public java.security.cert.X509Certificate [] getAcceptedIssuers () {
return null;
}
@Override
public void checkClientTrusted (X509Certificate [] certs, String authType) {
}
@Override
public void checkServerTrusted (X509Certificate [] certs, String authType) {
} }
}}; }};
SSLContext sc; SSLContext sc;